• lurch (he/him)@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    A virus scan will detect it and an OS wipe will clean it.

    This only works before the malware has been executed and only if the malware scanner knows it. Often Antivirus can block access to the malware, so it can’t be executed.

    If it has been executed, the PC needs to be shut down and all writable mediums connected wiped (including boot sectors and EFI), maybe even the BIOS reset, if it can be updated, to be 100% clean. If you can’t do this, you have to toss the PC in the trash.

    If the PC is not shut down, the malware could still survive in RAM and re-install its files or download something else, eg. a remote shell or rootkit.

    These processor security flaws just extend this to the CPU firmware, meaning you need to reset this too, after malware has been executed on the PC. If you just downloaded it and the antivirus blocked and deleted it, you’re still safe.

    If it got executed and you or a technician can’t remove it from the CPU, you have to toss the PC in the trash, just like you already had to if you can’t reset a malware that flashed itself into an updatable BIOS, for example.

    • Blue_Morpho@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      Offline virus scanners are standard. That’s always how you detect if you have been infected. Bios viruses are detected and removed by standard anti-virus software.

      • lurch (he/him)@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        BIOS and UEFI bootkits require special vendor tools and vendor signed firmware binaries to overwrite the SPI memory. Standard anti-virus software can not remove them, once they have been installed.